I guess you misunderstand my issue...
I'm able to login to the ISPConfig control panel (over port 8080, with an unsigned certificate, I'm fine with that)...

I'm trying to add an SSL certificate to one of the websites which is hosted on that server via ISPConfig...
The settings in ISPConfig seem right, I pasted the SSL cert into the second large field on the SSL tab of the website (including the ---begin, end--- delimiters), I enabled SSL on the main tab of that website, and if I go to my FTP server I can see that it did save the *.crt file correctly in the /ssl folder (if I open the file, it is the certificate signed by GeoTrust)...

I also tried to add this directive via ISPConfig

SSLCertificateChainFile /var/www/domain.ext/ssl/domain.ext.crt

After saving, when I go to the /etc/apache2/sites-availabledomain.ext.vhost I can see that that directive is presont on the last line (within the vhost tags)
I still end up with IE not being able to open any page (if I use https, http is fine)...

Edit: also tried editing the vhost tag from *:80 to *:443 or ext.ip.address:443 orr just *)...but nothing...

Please do not edit any of the apache config files manually, if you did any changes already, undo them as tehy will prevent the ssl website to work later. The procedure to install a ssl certificate in a website is:

1) Select the IP address in the site settings instead of *. If the IP does not show up, add it under System > Server IP.
2) Enable the ssl checkbox in the site settings.
3) Create a ssl certificate on the ssl certificate tab. If you have already created a cert that does not work, then delete this cert by selecting delete as action and press on save before you create a new ssl cert. Now test that the ssl site works with the self signed ssl cert.
4) If you want to use a signed ssl cert, then use the csr that ispconfig shows in the first field. Dont use any other csr as the crt and key will not match later and the sl site will fail.

Do I really need to set that fixed IP? if I do, all my other sites redirect to that one site... if so I need to get a separate IP for every SSL site? (not really a problem, but just confirming before I get a second IP)...

But I can't get a new cert, I already generated the csr via openssl and purchased the ssl cert with GeoTrust...

Do I really need to set that fixed IP? if I do, all my other sites redirect to that one site... if so I need to get a separate IP for every SSL site? (not really a problem, but just confirming before I get a second IP)...

Click to expand...

Just dont mix * and IP. If you switch all sites to use the IP, it will work again.

But I can't get a new cert, I already generated the csr via openssl and purchased the ssl cert with GeoTrust...

Click to expand...

Then you will have to replace cert and key manually in the ssl folder. But the ssl authority should also resign your cert for free based on the csr created in ispconfig. Thats nemed rekeying.

Edit: I did do what you told me, I added the fixed IP instead of the *, enabled SSL, createda a self signed certificate via the SSL tab, saved it, still nothing...

I got it to work for a minute with a self signed cert, but when I try te add my own cert (replacing the key manually) it does not work anymore...

The virtualhost with ip:443 was added (by ISPConfig) in the vhosts file of the website, but now the virtual host is not created anymore...

1. Created self signed cert: working

After this
1. Deleted the self signed certificate
2. Inserted the real certificate data in the certificate field, saved (gave the system some time, and waited for the *.crt file to appear in the ssl folder)...
3. added the www.domain.ext.key file manually to the ssl dir...

Edit: So it works now, agian with a self signed cert, now I replaced the files in the ssl dir, but it keeps using the self signed cert...

Edit 2: Got it... I removed al the certs from the ssl dir, and uploaded my own stuff, now it takes the signed certificate... and it just works perfect